Power corrupts: risks from new US wiretap laws

New, expanded, wiretapping rules are being discussed. What are the privacy issues this raises? What are the other personal liberty implications of such rules, differences between monitoring voice and data and some potential solutions that balances national security and privacy requirements?

The requirements:

The reason these laws are being considered are clear: voice communication over traditional links are becoming irrelevant (a humorous post from Dilbert touching on some of the usability issues: http://bit.ly/8XsxPe). However there are also practicalities for normal users such as cost: it is a lot cheaper to pay for a mobile data plan or broadband or free wifi at a coffee shop and have a conversation, especially an international one over Skype or Fring rather than paying the international tariff to the carriers. Webcams and Facetime technologies also make voice over IP technology attractive and the availability of Skype et al as apps on Android and iOS and other smartphone devices make it convenient.

Terrorists, white collar criminals and everything in between, are also no doubt attracted to this technologies due to in no small part their reliability (e.g. Internet access is probably easier from Pakistan to Afghanistan than voice links), cost and of course perceived greater difficulty for authorities and the competition to intercept secrets.

Recent demands by the UAE and India on Research in Motion (RIM) to make their traffic visible to government departments highlights this as a reality rather than speculation. As Alex Stamos illuminated me on Quora (http://bit.ly/dAKfDT):

"There are many different types of Blackberry message. By far the most secure way to receive a message on your Blackberry is to use a Blackberry Enterprise Server (BES) hosted inside of your organization and tied to a private email server. In this situation, during tethered or over-the-air (OTA) provisioning, your phone and the BES server securely exchange their public key identities and negotiate a master symmetric key for all future communication. Messages are individual encrypted with per-message keys that are derived or enveloped using the shared master key. In theory, not even RIM should be able to decrypt these messages, which is an assumption necessary for their continued success in the corporate and government markets.

It's my understanding that the messages that these countries are trying to access are "PIN-to-PIN messages", which are sent directly between devices without the use of a BES or BIS server. To send one of these messages all you need is your friend's PIN number from the back of their device. This mechanism is assumed by many people to be more secure than SMS text messages, which are sent completely in the clear and can be trivially tapped by government or amateur adversaries. Blackberries encrypt PIN-to-PIN messages using a shared symmetric key, meaning that any Blackberry can be used to read any PIN-to-PIN message. RIM is quite honest about this in their document, stating:

"During the manufacturing process, Research In Motion (RIM) loads a common peer-to-peer encryption key onto Blackberry devices. Although the Blackberry device uses the PIN-to-PIN, or peer-to-peer, encryption key with Triple DES to encrypt PIN messages, every Blackberry device can decrypt every PIN message that it receives because every Blackberry device stores the same peer-to-peer encryption key. PIN message encryption does not prevent a Blackberry device other than the intended recipient from decrypting the PIN message. Therefore, consider PIN messages as scrambled—but not encrypted—messages.""

Therefore governments, including the US, are presumably catching upto to this risk and taking knee-jerk measures such as this legislation to attempt to match their current capabilities in the voice world to the data world.

As ordinary citizens who want a safe world it is difficult to argue with this requirement, much like IT security and usability, civil liberties and national security often seem to be in conflict and like tectonic plates produce the occasional tsunamis. Unfortunately incidents such as 9/11 can often produce an over reaction and allow of passing of emergency legislation that is not well thought out such as the Patriot Act. Fortunately we do not have such an incident when this is being considered so hopefully there can be much more constructive debate and balanced measures.

The risks

The risks are relatively self evident. It has hard even as a law abiding individual to feel entirely comfortable with "big brother" listening to all your data conversations as they could to your voice and physical movements (aka CCTV).

The cheapest and simplest technical solutions to enable the enforcement of this legislation would be to create an "additional decryption key" or store all the private keys for servers in government storage system. This would enable government agencies to effectively perform a man in the middle attacks on the most common encryption used on the internet: TLS/SSL used for https communications.

This of course creates a back door to all secure communications. Every additional private key store that is created increases the risk that the wrong people could get access to these keys. This could be a very attractive honeypot to hackers, terrorists and of course as all power corrupts inappropriate and illegal use by authorized parties.

There are also some key differences of data compared to voice. Data with our current infrastructure is a lot easier to store on mass than voice conversations that tend to be more transient. The companies and entities that could record a data conversation are larger than voice, e.g. your ISP, anyone with access to the free wireless network, any servers and network infrastructure that the packets are routed via could potentially make a copy of this information. Voice on the other hand is more limited to your carrier and anyone with physical access to the telecommunications information. When this is combined with the additional attack surface created by duplicate or backdoor keys the risk that sensitive and private information being compromised is significantly increased.

The application of the legislation is also critical, if like wiretapping on voice lines probable cause needs to be established, a search warrant by a judge granted, a tap setup on a specific individual (s), this information limited to authorized parties and handled with due care - then there is less cause for concern. If this on the other hand either directly or via being a risk to national security grants the ability to record and decrypt all conversations of all individuals to allow for analysis of potential "terrorist" chatter then the damage to civil liberties is immeasurable.

Technical difficulties

In addition to the privacy and potential for abuse risk that this legislation raises there may also be some technical difficulties that monitoring data compared to voice. Key differences include:

The distributed nature of data transfer - the Internet succeeded and has a level resilience because packets can be routed through a large number of difference sources before reaching the final destination. A potential terrorist conversation between Afghanistan and Canada could go through hundreds of intermediate network infrastructure. It is difficult if not impossible to find single points where data conversations can be tapped

Large number of protocols - while additional decryption keys or copies of the private keys could be effective for https, how about encrypted skype, Internet Relay Chat (IRC), bittorrent, secure ftp, video streaming, real audio etc etc, there are so many different protocols and ways of transferring data securely - a technical method for being able to intercept and decrypt all of them needs to be developed.

Client encryption - even if the you have mechanism for decrypting the transport, and especially if the participants want to keep something secure why would they not use a number of additional layers of encryption? E.g. the equivalent of using PGP to encrypt email traffic that runs over a Blackberry device. Even if India or the UAE can intercept and decrypt the Blackberry traffic due to the access that RIM provided them, there is almost no way for them to decrypt the additional layer of PGP encryption.

The bottom line is that even if this law is passed and a large number of innocent citizen’s conversations gets recorded and monitored, it may not actually provide any benefit in monitoring actual terrorists and criminals that really want to keep their data conversations secure.

Possible solutions

I would actually argue that the government requirement can be clarified. Rather than requiring access to all data all of the time they require specific access to specific conversations under a search warrant with probability cause. This is a requirement that has more options with less risks.

HTTPS works by using asymmetric keys to create a secure session and exchange a symmetric session key which is then used to encrypt the remainder of the conversation. Therefore an option for at least for HTTPS type secure conversations is for the servers to log the session key. This would mean that if they authorities gained approval from a judge to access a specific conversation, they could obtain just the copy of that conversation and use the session key to decrypt it. This would prevent wide trawling and the need to have additional decryption keys or additional repositories of private keys. This would reduce the risk of this law for potential abuse while still enabling monitoring of potentially criminal or terrorist conversations.